New Body Scanner Regulation does not appear to address Court's mandate

Introduction:

TSA began to deploy Advanced Imaging Technology (AIT) “Body” scanners in 2007, and decided early in 2010 to use the scanners everywhere for primary screening. This decision was challenged by the Electronic Privacy Information Center (EPIC), and in 2011 the court ruled as follows:

“…we grant the petition for review insofar as it claims the TSA has not justified its failure to initiate notice-and-comment rulemaking before announcing it would use AIT scanners for primary screening.” (emphasis added) “…we remand the rule to the TSA but do not vacate it, and instruct the agency promptly to proceed in a manner consistent with this opinion.”

Even though the Court instructed TSA to proceed "promptly", nearly two years passed before before TSA issued the required Notice of Proposed Rulemaking in March 2013.

December 2015: TSA Changes its “Operating Protocol”:

TSA told the court that passengers could opt out of the body scanners, but then in 2015 changed its mind and claimed it had the authority to require passenger screening with these machines, even if a passenger wanted to “opt out”.

March 2016: TSA issues its final rule:

TSA issued its Final Rule in March 2016. The rule text is some 158 pages long, but the new rule itself, as codified in the regulations at 49 CFR 1540.107(d) is only 159 words in total. The rule reads (in part) as follows:

(d) The screening and inspection described in paragraph (a) of this section may include the use of advanced imaging technology. Advanced imaging technology used for the screening of passengers under this section must be equipped with and employ automatic target recognition software and any other requirement TSA deems necessary to address privacy considerations.

Did TSA lose sight of the forest for all the trees?:

The court’s decision focused on the use of AIT scanners for primary screening, but TSA’s final rule (above) makes no mention of this. Moreover, the new rule gives no indication that passengers could face mandatory AIT screening, without the opportunity to opt out, on their next trip to the airport.

Does TSA have the legal authority to order mandatory AIT screening of some (or all) passengers? We believe they do not. As the Court said in its original ruling in 2011,

“Although the statute, 49 U.S.C. § 44925, does require the TSA to develop and test advanced screening technology, it does not specifically require the TSA to deploy AIT scanners let alone use them for primary screening.”

This begs the question: If Congress did not specifically require TSA to deploy AIT scanners, let alone use them for primary screening, does TSA have the authority to direct mandatory AIT screening for some (or all) passengers based upon “security considerations”? What are the “security considerations” to which TSA refers? AIT scanners are not present at all airports; what is to be done when “security considerations” call for mandatory AIT screening, but AIT is not available?

The regulation and final rule do not appear to address any of these issues, and we believe these issues are important. That's why we have brought this action. We will be asking the Court to instruct TSA to go "back to the drawing board", comply with the Court's original decision, and to properly address these and other issues.